viced: Restrict RXAFS_FlushCPS to administrators

RXAFS_FlushCPS currently can be run by anyone, including unauthenticated users. Forcing CPS calculation can be a relatively resource-intensive operation, though, if done frequently enough, and only should need to be done by administrators. Thus, only let administrators use it. Change-Id: Iaedd1e72e542b637070930bf1a0a9eba83a9ab64 Reviewed-on: http://gerrit.openafs.org/7572 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
2025-01-31 21:47:45 +00:00 · 2012-06-15 16:58:42 -05:00 · 2012-06-15 16:58:42 -05:00 · 568adf7d18
commit 568adf7d18
parent 7a875f639f
2 changed files with 7 additions and 0 deletions
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@ -5631,6 +5631,12 @@ SRXAFS_FlushCPS(struct rx_call * acall, struct ViceIds * vids,
    FS_LOCK;
    AFSCallStats.TotalCalls++;
    FS_UNLOCK;
+
+    if (!viced_SuperUser(acall)) {
+	errorCode = EPERM;
+	goto Bad_FlushCPS;
+    }
+
    nids = vids->ViceIds_len;	/* # of users in here */
    naddrs = addrs->IPAddrs_len;	/* # of hosts in here */
    if (nids < 0 || naddrs < 0) {
--- a/src/viced/viced.h
+++ b/src/viced/viced.h
@ -246,5 +246,6 @@ extern struct fs_state fs_state;
 #define FS_MODE_SHUTDOWN  1
 #endif /* AFS_DEMAND_ATTACH_FS */

+extern int viced_SuperUser(struct rx_call *call);

 #endif /* _AFS_VICED_VICED_H */